One of the major issues that are faced by multi-level secure systems is that queries propagating between security domains reveal information about intent. For example, a query from a classified domain, that is, a higher security domain, into an unclassified domain, that is, a lower security domain, for information reveals to the unclassified domain that the classified domain is interested in a particular topic. Since the classified domain does not want to reveal such intent, prior art solutions either seek to hide the source of the query by using proxies or simply bring the unclassified data into the classified domain. In the latter case, this results not only in the cost of hosting the information but also in managing the data at the higher classification.